Hi,

We have a some PC's with Endpoint Security installed. The blades that are activated oc the PC's are VPN, Compliance and Firewall. The management server is running R77.30 and the client version is E80.90.

We are using location awareness and auto-connect and hub mode for these clients.

A few weeks back we noticed that if we connected a PC to the LAN all local connected started to fail. We could not get DNS, DHCP or say mount an internal file share. Externally the connections were allowed.

While investigating I found that the firewall logs on the client drops all internal traffic due to (192.168.2.43 is the DNS):

[ 5844 1952] [15 May 13:31:34] FWMSG_RULE_ACTION, dstIp = 192.168.2.43 (port 53)
rule name = DropClrToEnc, src ip = 192.168.10.8, srcport=52405 action=DROP/NOTIFY,
Protocol=ETHERNET/IP, dwSubProtocol=UDP, dwClientId=0

So I've been trying to see where this rule originate from. Since were using the thin client for Endpoint Security it seems like the policy in SmartEndpoint is not utilizied for this client.

I've installed the Checkpoint Mobile client (which is without the firewall) and that allow local connections.

Also, in the installation path for the Endpoint Client there is a file named DisconnectedPolicy.xml which only contains one row:
"FILE DOES NOT EXIST"

Is the solution to check in the ttm-files or how is the disconnected policy applied?

Thanks!